#!/usr/bin/env bash

# ----------------------------------------------------------------------
# Filename:   01-icmpTime-desktop.sh
# Version:    1.0
# Date:       2020/05/14
# Author:     Lz
# Email:      lz843723683@gmail.com
# History：     
#             Version 1.0, 2020/05/14
# Function:   ICMP时间获取漏洞
# Out:        
#              0 => TPASS
#              1 => TFAIL
#              other=> TCONF
# ----------------------------------------------------------------------

## TODO : 测试收尾清除工作
#
IcmpTimeClean_FTGW(){
	return $TPASS
}


## TODO: 调用程序退出函数
#    In: $1 => 调用脚本结果值
IcmpTimeExit_FTGW(){
        # 调用退出函数，其中调用了clean相关函数
	Exit_FTLIB ${1}
}


## TODO: 用户界面
#
IcmpTimeUSAGE_FTGW(){
	USAGE_FTLIB "金风版本(通用) - ICMP时间获取漏洞"
}


## TODO : 测试前的初始化 
#  Out  : 
#         0 => TPASS
#         1 => TFAIL
#         other=> TCONF
IcmpTimeInit_FTGW(){
        # 调用初始化函数
	Init_FTLIB "IcmpTimeClean_FTGW"
        # 调用用户界面函数
 	IcmpTimeUSAGE_FTGW
}


## TODO ：ICMP时间获取漏洞
#
IcmpTimeTest01_FTGW(){
        local ret="$TPASS"

        local flag1="ipv4 filter INPUT 0 -p ICMP --icmp-type timestamp-request -m comment --comment 'deny ICMP timestamp' -j DROP"
        local flag2="ipv4 filter INPUT 0 -p ICMP --icmp-type timestamp-reply -m comment --comment 'deny ICMP timestamp' -j DROP"
        local cmd="firewall-cmd --direct --get-all-rules"

        eval $cmd | grep -q "$flag1"
        if [ $? -eq 0 ];then
        # 存在flag1对应字符串
                eval $cmd | grep -q "$flag2"
                if [ $? -ne 0 ];then
                        ret=$TFAIL
                fi
        else
                ret=$TFAIL
        fi

        echo "Command : $cmd"
        eval $cmd

        OutputRet_FTLIB ${ret}
        RetParse_FTLIB "ICMP时间获取漏洞，存在${flag1} 和 ${flag2}" "False"
}


## TODO : Main
#  Out  : 
#         0 => TPASS
#         1 => TFAIL
#         other => TCONF
IcmpTimeMain_FTGW(){
	IcmpTimeInit_FTGW

	IcmpTimeTest01_FTGW

	return ${TPASS}	
}

IcmpTimeMain_FTGW
IcmpTimeExit_FTGW $?
